diff --git a/.env b/.env index 8e2b6f1..9b904f2 100644 --- a/.env +++ b/.env @@ -1,5 +1,9 @@ COMPOSE_PROJECT_NAME= NETWORK_NAME= +TRAEFIK_APP_NAME= +TRAEFIK_ENTRYPOINTS=web-secure +# TRAEFIK_ENTRYPOINTS=web-secure-ext +WEB_HOST= # WEB APP_BASE_PATH=/login @@ -16,7 +20,4 @@ LDAP_ATTRIBUTE= API_SECRET= API_TOKEN_TTL= -API_CACHE_TTL= - -REDIS_HOST=redis -REDIS_PORT= \ No newline at end of file +API_CACHE_TTL= \ No newline at end of file diff --git a/config/nginx.conf b/config/nginx.conf new file mode 100644 index 0000000..9e25978 --- /dev/null +++ b/config/nginx.conf 
@@ -0,0 +1,93 @@
+
+ worker_processes auto;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+
+ upstream web {
+ server web:3000;
+ }
+
+ upstream api {
+ server api:3001;
+ }
+
+ upstream app {
+ server application:80;
+ }
+
+
+ server {
+ listen 80;
+ include /etc/nginx/mime.types;
+
+ gzip on;
+ gzip_min_length 1000;
+ gzip_proxied any;
+ gzip_comp_level 1;
+ gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
+ gzip_vary on;
+ gzip_disable "msie6";
+
+
+ error_page 401 /login;
+
+
+ location = /auth {
+ internal;
+
+ proxy_pass http://api;
+
+ proxy_pass_request_body off;
+ proxy_set_header Content-Length "";
+ proxy_set_header X-Original-URI $request_uri;
+ proxy_set_header X-Original-Remote-Addr $remote_addr;
+ proxy_set_header X-Original-Host $host;
+ proxy_intercept_errors on;
+ }
+
+ location ~ ^/(signin|logout|get-user) {
+ proxy_pass http://api;
+
+ proxy_redirect off;
+ proxy_set_header X-Original-URI $request_uri;
+ proxy_set_header X-Original-Remote-Addr $remote_addr;
+ proxy_set_header X-Original-Host $host;
+ }
+
+ location ~ ^/login {
+ proxy_pass http://web;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ }
+
+
+ location / {
+ proxy_pass http://app;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+
+ auth_request /auth;
+ auth_request_set $auth_cookie $upstream_http_set_cookie;
+ add_header Set-Cookie $auth_cookie;
+ }
+
+ location = /health {
+ access_log off;
+ add_header 'Content-Type' 'application/json';
+ return 200 'UP';
+ }
+ }
+}
\ No newline at end of file
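Review bot: The two regex locations are anchored only at the start, so `location ~ ^/login` and `location ~ ^/(signin|logout|get-user)` also match any longer path that begins with those strings, and because a regex location wins over the prefix `location /`, such requests never pass through `auth_request /auth`. I would end each pattern at a path boundary, `location ~ ^/login(/|$)` and `location ~ ^/(signin|logout|get-user)(/|$)`, so that everything else falls through to the authenticated `location /`. The `/login` block also drops the `limit_except GET { deny all; }` that the deleted root nginx.conf carried, so every method is now forwarded to `web`; if that is intentional it deserves a comment, otherwise it should be restored. Separately, with Traefik in front, `$remote_addr` is presumably the proxy's address, so `X-Original-Remote-Addr` will not identify the client unless the real-IP module is configured with Traefik as the only trusted source.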
diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml
new file mode 100644
index 0000000..68e0b90
--- /dev/null
+++ b/docker-compose.traefik.yml
@@ -0,0 +1,15 @@
+version: '3'
+
+services:
+ server:
+ container_name: ${TRAEFIK_APP_NAME}
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.backend=${TRAEFIK_APP_NAME}'
+ - 'traefik.docker.network=web'
+ - 'traefik.http.routers.${TRAEFIK_APP_NAME}.rule=Host(`${WEB_HOST}`)'
+ - 'traefik.http.routers.${TRAEFIK_APP_NAME}.entrypoints=${TRAEFIK_ENTRYPOINTS}'
+ - 'traefik.http.routers.${TRAEFIK_APP_NAME}.tls.certresolver=le'
+ - 'traefik.port=80'
+ networks:
+ - web
diff --git a/docker-compose.yml b/docker-compose.yml
index f6cc7fb..fc5109c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,7 @@ services:
 restart: always
 networks:
 - auth_network
+
 api:
 build:
 context: .
@@ -33,11 +34,19 @@ services:
 ALLOW_EMPTY_PASSWORD: 'yes'
 networks:
 - auth_network
- auth_server:
- image: nginx
+
+ server:
+ extends:
+ file: docker-compose.traefik.yml
+ service: server
+ image: nginx:alpine
 volumes:
- - ./nginx.conf:/etc/nginx/nginx.conf
+ - ./config/nginx.conf:/etc/nginx/templates/default.conf.template
 restart: always
+ depends_on:
+ - web
+ - api
+ - redis
 networks:
 - auth_network
 - app_network
@@ -47,3 +56,5 @@ networks:
 app_network:
 external: true
 name: ${NETWORK_NAME}
+ web:
+ external: true
diff --git a/example/nginx.conf b/example/nginx.conf
deleted file mode 100644
index 948ee87..0000000
--- a/example/nginx.conf
+++ /dev/null
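Review bot: The label list in docker-compose.traefik.yml mixes Traefik v1 and v2 syntax: `traefik.backend` and `traefik.port` are v1 names, while the `traefik.http.routers.*` labels are v2, and a v2 instance ignores the v1 ones, so the upstream port is not actually pinned. The v2 equivalent is `- 'traefik.http.services.${TRAEFIK_APP_NAME}.loadbalancer.server.port=80'`, after which the two v1 lines can be dropped. Because `TRAEFIK_APP_NAME` and `WEB_HOST` ship empty in `.env`, a short comment above `container_name` saying both must be set before bringing the stack up would help; an empty value would presumably produce an empty router name and an empty `Host()` rule.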
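Review bot: In the `server` service of docker-compose.yml, the new volume line mounts a complete nginx.conf (it contains `worker_processes`, `events {}` and `http {}`) as `/etc/nginx/templates/default.conf.template`. The stock nginx image renders templates into `/etc/nginx/conf.d/`, which its default config includes inside `http {}`, so as far as I can tell nginx will reject the main-context directives and the container will restart-loop under `restart: always`. Unless environment substitution is really needed, mount the file where the removed line did, and read-only: `- ./config/nginx.conf:/etc/nginx/nginx.conf:ro`. If `extends` carries over the `networks: - web` entry, this service is also the one container bridging Traefik's external network and `auth_network`, and a one-line comment saying that only `server` may be attached to `web` would make that boundary explicit. The hunk begins and ends inside the `services:` map, so the rest of that map is not visible here.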
@@ -1,58 +0,0 @@
-
- worker_processes auto;
-
-events {
- worker_connections 1024;
-}
-
-
-http {
-
- upstream auth_server {
- server auth_server:80;
- }
-
- upstream application {
- server application:3000;
- }
-
- server {
- listen 80;
- include /etc/nginx/mime.types;
-
- error_page 401 /login;
-
-
- location = /auth {
- internal;
-
- proxy_pass http://auth_server;
-
- proxy_pass_request_body off;
- proxy_set_header Content-Length "";
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Original-Remote-Addr $remote_addr;
- proxy_set_header X-Original-Host $host;
- proxy_intercept_errors on;
- }
-
- location ~ ^/(login|signin|logout|get-user) {
- proxy_pass http://auth_server;
-
- proxy_redirect off;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Original-Remote-Addr $remote_addr;
- proxy_set_header X-Original-Host $host;
- }
-
-
- location / {
- proxy_pass http://application/;
-
- auth_request /auth;
- auth_request_set $auth_cookie $upstream_http_set_cookie;
- add_header Set-Cookie $auth_cookie;
- }
-
- }
-}
\ No newline at end of file
diff --git a/nginx.conf b/nginx.conf
deleted file mode 100644
index 8a13453..0000000
--- a/nginx.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-
-worker_processes 4;
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- upstream web {
- server web:3000;
- }
-
- upstream api {
- server api:3001;
- }
-
- server {
- listen 80;
- include /etc/nginx/mime.types;
-
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection 'upgrade';
- proxy_set_header Host $host;
- proxy_cache_bypass $http_upgrade;
-
- location / {
- proxy_pass http://api/;
- }
-
- location /login {
- proxy_pass http://web;
-
- limit_except GET {
- deny all;
- }
- }
- }
-}
\ No newline at end of file